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Title : 

ARRANGEMENT AND METHOD FOR FILTERING DATA COMMUNICATION 

5 

FIELD OF THE INVENTION 

The present invention relates to controlling the transfer of 
data packets between external packet data networks and end users 
of a communication system supporting communication of packet 

10 data. Particularly it relates to an arrangement in a (mobile) 
communication system supporting communication of packet data 
with a number of end user stations, a backbone network and a 
number of end user access means for providing access between end 
user stations and external packet data networks, which comprises 

15 information control means. 

The invention particularly also relates to a method of 
controlling the communication of data between a number of 
external IP networks and an end user station in a communication 
20 system comprising a backbone network supporting communication of 
packet data. 

STATE OF THE ART 

The usage -of Internet services is growing rapidly and the number 
25 of end users attached to the Internet is also growing very 
rapidly. This makes it possible to distribute for example 
information and advertisements to a large number of end users in 
a very simple manner. However, the situation may occur that the 
distributed information or the advertisement etc. is not wanted 
30 by the end user. An end user actually runs the risk of being 
flooded by unwanted information. In addition to being extremely 
annoying for the end user, the end user may be charged for the 
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time the end user or the mobile host is connected to for 
example an ISP (Internet Service Provider), and, even worse, is 
charged based on the amount of data the mobile host or the end 
user receives from the external data network. The end user may 
5 also be charged for the amount of data that is transmitted to 
the external network. However, the end user has means to control 
the transmission of data but he has, today, absolutely no 
control as far as the reception of data is concerned. The 
consequence thereof will be that the user of the mobile host or 

10 the mobile station does not have any control of the costs, which 
is a serious problem. When a mobile end user station or a mobile 
host is connected by radio, over an air interface, to for 
example a backbone network, or generally within the wireless 
community of data communication, the bandwidth for transferring 

15 data to and from a mobile host is limited due to the air 
interface . 

Thus, the problems relating to charging are considerable. 
Moreover, a user of a mobile host may be swamped by unwanted 
20 data, such as for example unwanted push advertisements which 
clearly also is not desirable. Furthermore, the transmission of 
data that actually is not wanted by a user, indeed is a waste of 
network resources . 

25 These problems also exist in the fixed data communication 
community, but, in this environment, charging is generally not 
based on volume. However, it may well be volume based in the 
future and therefore also for a fixed data communication 
community similar problems may arise also as far as charging is 

30 concerned. 
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The only means available today to somehow control the 
distribution of packets to an end user, is provided by, in the 
case of Internet, the Internet Service Provider (ISP) which is 
the end user access point to the Internet or any other external 
5 network wherein some packet filtering technology may be 
implemented. This means however that firewalls may be configured 
for the whole network which is very inflexible. It would also be 
possible, if a particular end user does not want to receive some 
particular information, that an operator manually stops the 

10 traffic from a given origin or similar. This however presupposes 
that an end user actively informs the operator through a 
complaint or similar. Generally, any control procedures handled 
by the operator, are implemented for a whole network. Such 
solutions are not satisfactory since they are not simple and 

15 they involve high costs per se. Consequently, with today known 
control means, an increasing number of end users will still 
receive, and pay for, unwanted information, advertisements etc. 
Another serious problem is when someone abuses the system and 
maliciously sends (large amounts of) information to one or more 

20 end users resulting in the end user actually having to pay for 
the malicious action, and the end user might not even be able to 
receive the information he actually wants to receive. 

SUMMARY OF THE INVENTION 

25 What is needed is therefore an arrangement through which the 
control of distribution of information, advertisements etc. to 
an end user can be improved or rather provided for. An 
arrangement allowing a flexible control of the distribution of 
information to end users is also needed. Generally an 

30 arrangement is needed through which it is prevented that an end 
user or a mobile host has to pay for unwanted information or for 
the time he/it is connected due to transfer of unwanted 
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information. Moreover an arrangement is needed through 

which the network resources are not unnecessarily used for 
transfer of unwanted information and through which network 
resources thus can be saved. An arrangement is also needed 
5 through which can be prevented that a mobile host, or a fixed 
host, be swamped by unwanted data such as for example unwanted 
push advertisement or similar. An arrangement is also needed 
through which abuse can be prevented, or at least that the 
consequences for an end user due to malicious actions can be 
10 reduced. A method of controlling the transfer of data is also 
needed through which one or more of the above mentioned objects 
are fulfilled. 

Therefore the present invention provides an arrangement in a 

15 communication system, particularly a mobile communication 
system, which supports communication of packet data, and which 
comprises a number of end user stations, a backbone network, a 
number of end user access means (points) or access nodes for 
providing access between end user stations and external packet 

20 data, e.g. IP networks or X.25 networks. Information control 
means are provided which are end user controlled such that an 
end user selectively can control the reception of data packets 
from the external packet data network (s) over the access node. 
The end user stations are particularly connected to the backbone 

25 network over a radio interface. The end user stations may be 
mobile as well as fixed. The invention actually also covers the 
case when they are not connected by radio to the backbone 
network but where similar problems still may be present, e.g. 
for any of the reasons discussed above, such as volume based 

30 charging. The external packet data network may be the Internet 
but it may also be other external IP networks such as corporate 
LANs (Local Area Network) or X.25 networks etc. 
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The information control means particularly comprises an 
optional, end user remotely defined or set up filter. In a most 
advantageous implementation the filter is provided in the access 
5 means, also called an access point or an access node, to an 
external packet data, e.g. IP network. By provided it is here 
particularly understood that it is defined, or set up, and 
activated in the access means. 

10 For external packet data network, e.g. IP network, access, the 
access means are connected to a router, which, for Internet 
access, may be an ISP (Internet Service Provider) . For other 
packet data networks it may be other routing means; the external 
network may also be a PLMN (Public Land Mobile Network) or any 

15 other network routed through for example an ISP. 

Particularly the filter is defined by the end user, and to 
obtain the desired filtering functionality, a number of 
filtering function attributes are used to define the customized 
20 filter. For activating/defining (setting up) such a customized 
filter, a message signal is provided from the end user station 
by the end user wanting to implement a filtering functionality. 
The message signal is sent from the end user station (mobile 
host) to the access means or the access node. 

25 

According to one embodiment a specific or a new message is 
created for defining and/or activating the filter. In another 
embodiment, according to a generally even more advantageous 
implementation, an already existing message signal is used for 
30 setting up the desired filter functionality. It may for example 
relate to a standardized message that is used (also) for a new 
purpose and which is provided with information about the filter 
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requirements, i.e. the filtering function attributes 

which most advantageously are defined or given by the end user, 
such that a particular end user can create a filter according to 
his specific needs substantially at any time. The end user can 
5 also remove (shut off) the filter, change the filter 
requirements etc. using existing messaging provided with 
supplemental information or through the creation of entirely new 
signals or messages. 

10 This provides the user with an efficient and flexible means to 
set up a filter if he for example detects that someone 
maliciously transfers a lot of information to him or if large 
amounts of more or less uninteresting information is sent to him 
or whatever the reason may be for not wanting to receive some 

15 particular information (or all information except some 
particular information) . 

The filtering functionality may be positive or negative, i.e. 
defining either wanted information or unwanted information. If 
20 it is based on which of information an end user actually does 
want to receive, the filter may be set up according to the 
principles of merely allowing some specific information whereas 
filtering out all other information. 

25 The filtering functionality can be defined in many different 
manners. The filtering function attributes may be of many 
different kinds and herein merely some examples on attributes 
will be given. They may for example relate to one or more of 
source IP address, IP subnet, source port in IP header, source 

30 type of protocol in IP header, originating router, ISP or any 
other router, FTP files etc. This means for example that an end 
user can select to filter out all information with a given 
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source IP address, but it is also possible to filter out 
information from an entire subnet etc. 



Generally the definition/activation of a filtering 
5 functionality, i.e. setting up of a filter, presupposes a 
successful connection or attachment by an end user station to 
the backbone network. This is so because only then the end user 
address will be known such that packets received in the access 
means having a destination address corresponding to the address 
10 of the end user having defined or set up a filter, are exposed 
to the filter. This means that the filter is implemented on all 
packets addressed to the concerned end user station (received 
over the concerned access node) . 



15 In a particular implementation the network comprises a GPRS or a 
UMTS/ GPRS system. The access means may comprise a GGSN (Gateway 
GPRS Support Node) . In that case the existing messaging relating 
to activation and set up of a secondary PDP context 
request /response are with advantage used for the setup of a 

20 filter in GGSN. Such messages are then provided with information 
relating to the filter attributes, a service class with the 
context of discarding unwanted data packets not meeting the 
filter requirements given by the filter parameters. However, it 
is of course also possible to create new messages for the 

25 filtering functionality setup. Of course the concept may also be 
implemented on other systems supporting communication of packet 
data such as for example PPDC, CDPD etc. 

In one particular implementation the access means comprises or 
30 are associated with a more or less conventional firewall and the 
filter is then set up, defined and activated, in the firewall. 
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The invention also discloses a method of controlling the 
communication of data between a number of external IP networks 
and an end user station in a communication system comprising a 
backbone network and supporting communication of packet data. 
5 The method includes the steps of; controlling the reception of 
data in the end user station through: providing information from 
the end user station to external packet data network access 
means containing requirements relating to wanted/unwanted data 
information; defining and activating control means in the access 

10 means (or access node) such that only wanted data information is 
forwarded to the end user. The control means particularly 
comprises a filter. The method advantageously further includes 
the steps of; creating a new message for providing the 
information for defining/activating the control means from the 

15 end user station to the access point. In an alternative 
implementation the method includes the steps of; using existing 
signalling/messaging from the end user station to the access 
means for providing the information for defining/activating the 
control means. 

20 

In a particular implementation the backbone network is (UMTS) 
GPRS and the method includes the steps of; using the messaging 
relating to requesting and activating a secondary PDP context to 
setup information control means comprising a customized filter 

25 in an access point comprising a GGSN. Particularly the method 
also includes the step of applying the filter on all data 
packets received in the access means having the address of the 
end user having activated/defined the filter as destination 
address and discarding unwanted data packets or only allowing 

30 wanted data packets to pass through the filter. 
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It is an advantage of the invention that through the 
information control means the end user actually gets control 
over what he wants to receive and what he does not want to 
receive since they are actually remotely controlled and 
5 manipulated by the end user himself. This makes it both more 
flexible,, cheaper and quicker to install than it would be 
through any kind of operator controlled filter means. It is also 
an advantage that, in one embodiment, existing messaging can be 
used. Then it is very easy to implement the functionality, 

10 without awaiting any amendments to standards etc. which is 
important since the problems for end users relating to reception 
of unwanted data, particularly as far as charging is concerned 
presumably will be even more serious in the future. It is also 
an advantage that not only an end user can introduce a filtering 

15 function, he can also remove a filtering function, modify the 
filtering function etc. 

BRIEF DESCRIPTION OF THE DRAWINGS 

The invention will in the following be further described in a 
20 non-limiting way and with reference to the accompanying drawings 
in which: 

Fig. 1 very schematically illustrates a wireless data 
communication system wherein information control means 
25 are provided in access means towards external IP 

networks , 



30 



Fig. 



2 



very schematically illustrates a UMTS / GPRS system to 
which the inventive concept can be implemented as above, 
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Fig. 3 in a simplified way indicates messaging between a 
user station and an access point for remote setup of a 
filter, 

5 Fig. 4 illustrates the PDP Context Activation Procedure for 
GSM, 

Fig. 5 is a figure similar to Fig. 4 but for UMTS, 

10 Fig. 6 illustrates the Secondary PDP Context Activation 
Procedure for GSM, 

Fig. 7 is a figure similar to Fig. 6 but for UMTS, 

15 Fig. 8 illustrates one embodiment of the invention as 
implemented on UMTS/GPRS and using existing messaging 
and, 



20 



Fig. 9 is a flow diagram describing the embodiment of Fig. 8. 



DETAILED DESCRIPTION OF THE INVENTION 

Fig. 1 very schematically illustrates a communication system 
supporting wireless communication of data. A wireless host, here 

25 called User Station US 1 is via a radio interface connected to a 
radio network RAN 2 which communicates with the backbone network 
3. The backbone network 3 comprises a number of access points or 
Access Nodes AN 4 which here generally are denoted access means, 
of which only one is illustrated in the figure, for the 

30 provision of access between User Stations US 1 and external 
packet data networks 6. The Access Node AN 4 communicates with a 
router 5B and an ISP 5A for routing traffic to/from external IP 
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networks 6A, 6B . An example on an external IP network is the 
Internet 6A; it may also be a corporate LAN etc or an X.25 
network. For Internet, the routing means 5A comprises an ISP 
(Internet Service Provider) . Generally the user station 1 needs 
5 to perform signalling to for example a base station (not shown) 
in the fixed part (BSS) of the backbone network 3 to get access 
to said backbone network 3. When access has been provided, 
according to the present invention, the user station 1 may send 
a message, a new message or an already defined message with 

10 supplementary information, to the Access Node AN 4 to set up a 
filter (information control means 7) in, or in means associated 
with, said access node. Information relating to the filtering 
requirements are included in or added to the message or sent in 
a subsequent message; the invention is not limited to any 

15 particular way of doing this, the important thing being that the 
user station 1, i.e. the end user, is able to initiate the setup 
of a filter so as to enable the user to determine what 
information he wants to receive or what information he does not 
want to receive without interference or assistance by any 

20 operator or without requiring that the operator handles the 
filtering procedure. 

Fig. 2 is a figure similar to that of Fig. 1 but relating to a 
particular embodiment in which the backbone network is the 
25 GPRS/UMTS as standardized for example in 3G TS 23.060, v3 . 4 . 0 
(2000-07) Technical Specification 3GPP™ and TS 24008 v3 . 4 . 1 
(2000-07) , 3GPP . 

In Fig. 2 a user station 11 is shown which comprises a computer 
30 connected to a mobile station MS which in turn is connected to 
the backbone network 31, here comprising UMTS/GPRS, over a radio 
interface connected to a radio network RAN 21 which in turn 
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communicates with a SGSN 29 (Serving GPRS Support Node) , 
c.f. e.g. TS 04.64 v5 . 1 . 0 (1997-12) which describes the MS-SGSN 
and GPRS. SGSN 29 is over the backbone network 31 connected to a 
GGSN 41 (constituting the access node) which is a gateway GPRS 
5 support node. The GGSN 41 is connected to a router 51, for 
routing to an external IP network 61, e.g. Internet. If the 
external network 61 is the Internet, the router 51 may be an ISP 
as discussed above. To the external network 61 a number of hosts 
or servers 62A, 62B are connected, only two of which are shown 
10 for reasons of simplicity and which IP network users may access. 

US 11 has to signal to a base station (not shown) in the 
backbone network 31 in the fixed network part of the system. In 
GPRS and UMTS systems this is performed by the user station US 

15 11 executing an attach procedure to get access to the GPRS/UMTS 
network, followed by the PDP context procedure to get access to 
an external network via an ISP or more generally via a router. 
The attach and PDP context procedures are described in the above 
mentioned references and will also be more thoroughly explained 

20 below. 

The inventive concept is applicable to any systems supporting 
communication of packet data and in which end users may face the 
problem(s) initially referred to. 

25 

In Fig. 3 is shown in a very simplified manner how messages are 
sent to provide for end user controlled filter setup. It is here 
supposed that access or connection already has been provided 
between the user station and the backbone network before a 
30 filter can be set up, although this is not the case if the user 
station is a fixed station. It is hence supposed that a Set User 
Station (US) filter request is sent from the User Station (US) 
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to the access point or access node AN. In an advantageous 
embodiment the request contains a list of parameters defining 
the filter requirements, i.e. which packets should be allowed 
and which should not be allowed respectively for further 
5 forwarding from the external network towards the end user having 
set up the filter. Thus, the end user of a user station can 
inform the access means to set up a customized user profile. The 
access node then uses the information from the user station to 
set up the user packet filtering function in the Access Node AN 

10 accordingly. When the filtering functionality has been set up in 
the access node, a set US filter response is returned from the 
Access Node AN to the User Station US. When the filter has been 
setup, the end user can control which data that is to be 
received from one or more external networks and thereby obtain 

15 control of received, and, if applicable, charged data and 
information, which is extremely advantageous. 

Optionally a security function may be included which, after a 
filter request has been received in the access node, is 
20 performed through signalling between user station and access 
node in any appropriate or known manner. If the user station 
passes the optional security function, the access node proceeds 
to setting up the user customized packet filtering function. 

25 After the filter function has been set up, i.e. defined and 
activated, in the Access Node AN, the data traffic from the 
external network, which matches the attributes of the filtering 
function, will be discarded in the access node. The end user may 
of course use a number of different attributes to set up the 

30 user profile in the access node. Below some examples are given: 
source IP address or subnet in the IP header; source port number 
in the IP header; source type of protocol in the IP header, from 
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which router, or particularly ISP, the IP packet is received 
etc. It is also possible to, for example, filter out FTP (File 
Transfer Protocol) packets. The filtering functionality may be 
implemented in different access nodes providing access to one or 
5 more external IP networks. 

Below, and with reference to Figs. 4-8, particular embodiments 
relating to GPRS/UTMS will be more thoroughly discussed in which 
already existing messages are used for the provision of a user 
10 defined and activated filter. As referred to above, however, it 
is also possible to create new messages specifically for the 
intended purpose. 

According to the invention, it is possible to implement the 
15 invention to the 3GPP 23.060 standard with a minimum impact. The 
messages "activate secondary PDP context request /response" can 
be used to set up a "no service traffic class" and a "waste 
basket context". The message request will then particularly 
contain a new QoS (Quality of Service) value identifying such a 
20 "no service" request. Furthermore the message preferably 
contains a TFT (Traffic Flow Template) specifying the user 
defined filter attributes which can be said to act as a firewall 
stopping packets according to requirements but letting others 
pass. 

25 

Quality of Service (QoS) comprises a quality of service 
information element specifying the QoS parameters for a PDP 
context (PDP is a Packet Data Protocol such as for example IP) . 
Quality of Service is further described in 3G TS 24.08. v3 . 4 . 1 
30 (2000-07) by 3GPP which herewith is incorporated herein by 
reference. In the above mentioned 3G TS 23.060 v3 . 4 . 0 (2000-07) 
by 3GPP, and which also is incorporated herein by reference, PDP 
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context activation, modification, deactivation and 

preservation functions are described in section 9.2 of chapter 
9, Packet routing and transfer functionality. 

5 For example does a GPRS subscription contain the subscription of 
one or more PDP addresses. Each PDP address is described by one 
or more PDP contexts in the MS, the SGSN and the GGSN. Each PDP 
context may be associated with a TFT and at most one PDP context 
associated with the same PDP address may exist at any time with 

10 no TFT assigned to it. The reason for having several PDP 
contexts per PDP address is to get different QoS:s, one for each 
such PDP context. A PDP context is established with a particular 
QoS. TFT differentiates the traffic so that each packet gets the 
appropriate QoS. Every PDP context exists independently in one 

15 of two PDP states. The PDP state indicates whether data transfer 
is enabled for that PDP address and TFT or not. In case all PDP 
contexts associated with the same PDP address are deactivated, 
data transfer for that PDP address is disabled. 

20 In an inactive state, the data service for a certain PDP address 
of this subscriber is not activated. Then no data can be 
transferred relating to that PDP address. An MS may initiate the 
movement from an inactive to an active state by initiating a PDP 
Context Activation procedure. In the active state, the PDP 

25 context for the PDP address in use is activated in MS, SGSN and 
GGSN. 

A GPRS- attached MS can initiate activation, modification and 
deactivation functions at any time for a PDP context in the MS, 
30 the SGSN and the GGSN. Upon reception of an Activate PDP Context 
Request message or an Activate Secondary PDP Context Request 
message, the SGSN initiates procedures to set up PDP contexts. 
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The messaging briefly referred to above can be used to implement 
the inventive concept in that when the backbone network, i.e. 
here GPRS/UMTS, receives and activates a Secondary PDP Context 
5 Request, it will, according to the invention, recognize the new 
"no service" traffic class and then pass the request on to the 
GGSN via the Create or Activate PDP Context Request without 
setting up any bearer resources, such as for example GTP tunnels 
and radio bearer. The GGSN then creates a "waste basket 

10 context", i.e. a context according to which packets not to be 
forwarded to the end user having defined and set up a filter, be 
discarded. Filter attributes coupled to the waste basket context 
are stored in GGSN. Any downlink user packets matching the 
defined filter attributes will then be directed to the waste 

15 basket context and discarded by the GGSN node. 

For the activation procedures referred to above reference is 
again made to 3G TS 23.060 and in Fig. 4 the PDP context 
activation procedure for GSM is described. First the MS, 

20 corresponding to the User Station US, sends an Activate PDP 
Context Request (1 G ) to the SGSN. The MS shall use the PDP 
Address to indicate whether it requires the use of a static PDP 
Address or whether it requires the use of a dynamic PDP Address. 
The MS may use the access point name to select reference point 

25 to a certain external network and/or to select a service. Access 
point name is a logical name referring to the external packet 
data network and/or to a service that the subscriber wishes to 
connect to. QoS Requested is a parameter included in the request 
and it indicates the desired QoS profile. PDP Configuration 

30 Options may be used to request optional PDP parameters from the 
GGSN. PDP configuration options is sent transparently through 
the SGSN. (1 G of Fig. 4) . 
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In GSM security functions may be executed, (2 G ) * This, however, 
is not necessary for the functioning of the present invention. 
It should be noted that some of the messages which are not 
5 substantially relevant for, or affected by, the implementation 
of the inventive concept, are not illustrated in the Figures. 

SGSN validates the Activate PDP Context Request using PDP type 
(optional), PDP address (optional), and Access Point Name 

10 (optional) provided by the MS and the PDP context subscription 
records. The validation criteria, the APN selection criteria and 
the mapping from APN to GGSN is described further in the above 
mentioned technical specification. The SGSN sends a Create PDP 
Context Request (PDP type, PDP address, Access Point Name, QoS 

15 negotiated etc.) message to the affected GGSN. Access Point Name 
shall be the APN Network Identifier of the APN selected. PDP 
address shall be empty if a dynamic address is requested. The 
GGSN may use Access Point Name to find an external network and 
optionally to activate a service for this APN. GGSN creates a 

20 new entry in its PDP context table and generates a charging ID. 
The new entry allows a GGSN to route PDP PDUs between the SGSN 
and the external PDP network and to start charging. The GGSN 
then returns a create PDP context response message, (3 G 2) / 
including among others PDP address, PDP Configuration options, 

25 QoS negotiated etc. to the SGSN. The Create PDP Context messages 
are sent over the backbone network. Thus, according to the 
present invention these messages can be used and modified as 
referred to above, to contain a value for QoS identifying a new 
"no service" request and a TFT specifying filter attributes as 

30 defined by the end user. 
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According to GSM, BSS (Base Station Subsystem) packet flow 
context procedures may be executed; this is however not of 
importance for the present invention. 

5 The create PDP Context Request and Response messages (3 G i) , (3 G2 ) 
are sent between SGSN and GGSN, and GGSN and SGSN respectively. 
Finally, (4 G ) , the SGSN inserts NSAPI (Network layer Service 
Access Point Identifier) together with the GGSN address in its 
PDP context. If the MS has requested a dynamic address, the PDP 
10 address received from the GGSN is inserted in the PDP context. 
The SGSN selects radio priority and the packet flow ID based on 
QoS negotiated and returns an activate PDP Context Accept 
message (4 G ) to the MS. 

15 The SGSN is able to route the PDP PDUs between the GGSN and MS 
and starts charging. According to the present invention, having 
introduced a filtering functionality into GGSN for downlink 
communication, packets matching the user defined filter 
attributes will be directed to the "waste basket" context and 

20 discarded by the GGSN node as discussed above. 

In Fig. 5 the PDP Context Activation procedure for UMTS is 
described. The message (lu) / i.e. the Activate Context Request 
is just like for GSM, sent from MS to SGSN wherein SGSN in this 

25 case is an SGSN-U, i.e. an SGSN supporting UMTS. In other 
aspects it is similar to (1 G ) for GSM. In UMTS, Radio Access 
Bearer setup is performed by the RAB assignment procedure as 
described in 3G TS 23.060 as referred to above. This is however 
not of importance for the present invention, like any security 

30 options (not shown) . Also the create PDP Context Request and 
Create PDP Context Response messages (3 U1 ) , (3 U2 ) are similar to 
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the messages (3 G i) , (3 G 2) described with reference to GSM 
above as is the Activate PDP Context Accept Message (4 D ). 

The Secondary PDP Context Activation procedure may be used to 
5 activate a PDP context while reusing the PDP address and other 
PDP context information from an already active PDP context, but 
with a different QoS profile. The Secondary PDP Context 
Activation procedure for GSM is described in Fig. 6 whereas the 
procedure for UMTS is described in Fig. 7. Thus, with reference 
10 to Figs. 6 and 7 the Secondary PDP Context Activation procedures 
as standardized are described whereas in Fig. 8 an inventive 
implementation is described according to which the secondary PDP 
Context Activation procedure is used to set up a filter in GGSN. 

15 According to Figs. 6 and 7, the procedures for APN selection and 
PDP address negotiation are not executed. Each PDP context 
sharing the same PDP address and IPN shall be identified by a 
unique TI and a unique NSAPI . The Secondary PDP Context 
Activation procedure may be executed without providing a Traffic 

20 Flow Template (TFT) to the newly activated PDP context if all 
other active PDP contexts for this PDP address and APN already 
have an associated TFT, otherwise a TFT shall be provided. The 
TFT contains attributes that specify an IP header filter that is 
used to direct data packets received from the interconnected 

25 external packet data network to the newly activated PDP context. 

The Secondary PDP Context Activation procedure can only be 
initiated after a PDP context is already activated with the same 
PDP address and APN . 

30 

Fig. 6 illustrates the Secondary PDP Context Activation 
procedure for GSM. First the MS sends an Activate Secondary PDP 
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Context Request message to the SGSN including information 
related to linked TI, NSAPI, TI, QoS Requested, TFT, wherein 
linked TI indicates the TI value assigned to any one of the 
already activated PDP contexts for the concerned PDP address and 
5 APN. QoS Requested indicates the desired QoS profile. TFT is 
sent transparently through SGSN to GGSN enabling packet 
classification for downlink data transfer. TI and NSAPI contain 
values not used by any other activated PDP context (1 T G ). 

Security functions (2 T G ) are optional in GSM but since it is 

10 irrelevant if such are implemented or not for carrying out the 
inventive concept, they are not further discussed herein. Then 
SGSN validates the Activate Secondary PDP Context Request using 
the TI indicated by linked TI . The same GGSN address is used by 
the SGSN as for the already activated PDP context or contexts 

15 for that TI and PDP address. SGSN and GGSN may restrict and 
negotiate the requested QoS as in the PDP context activation 
procedure. The SGSN sends a Create PDP Context Request (QoS 
negotiated, TEID, NSAPI, primary NSAPI, TFT) message (3 T G i) to 
the concerned GGSN. Primary NSAPI indicates the NSAPI value 

20 assigned to any one of the already activated PDP contexts for 
the PDP address and APN. TFT is included only if received in the 
Activate Secondary PDP Context Request message. GGSN uses the 
same external network as used by the already activated PDP 
context (s) for the concerned PDP address, generates a new entry 

25 in its PDP context table, and stores the TFT. The new entry 
allows the GGSN to route PDP PDUs via different GTP tunnels 
between the SGSN and the external PDP network. The GGSN returns 
a Create PDP Context Response message to the SGSN (3'g2)« 
Further procedures may be executed which however are not 

30 relevant for implementing the present invention. 
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Finally the SGSN selects Radio Priority and Packet Flow Id 
based on QoS Negotiated and returns an Activate Secondary PDP 
Context Accept message (4 T G ) to the MS. 

Fig. 7 is a Figure similar that Fig. 6 with the difference that 
5 in UMTS, Radio Access Bearer is performed through the RAB 
Assignment procedure (2 T u). The messaging (1 ' G/ 3 l G1 , 3 ! G 2, 4 t g) of 
Fig. 6 corresponds to the messaging ( 1 T v , 3 1 01 , 3 1 U2 , 4 1 u ) for UMTS. 

In Fig. 8 the use of the Secondary PDP Context Activation 
10 procedure messaging to implement the inventive concept will be 
described. The Mobile Station MS, corresponding to the User 
Station US, sends an Activate Secondary PDP Context Request to 
SGSN combining parameters QoS = O, TFT = filter, and contains 
filter attributes, 10. SGSN sends a PDP Context Request 
15 (QoS = no service, TFT = filter, all attributes) 20^, to GGSN. 
No bearer resources are setup or requested. In GGSN a waste 
basket context is setup. The GGSN sends a PDP context response 
20 2 to SGSN which sends a activate Secondary PDP Context Accept 
30 to the user station US. The filtering function is then 
20 implemented on all downlink user packets such that if the packet 
characteristics match with TFT filter attribute criteria, the 
packet is directed to waste basket context for discarding by the 
GGSN. 

25 Thus, according to the invention an end user of a mobile host is 
provided with means to control the reception of (un) wanted data 
and an end user can set up a desired filter profile remotely. 
The user profile contains the filtering function attributes. The 
filter can be reset or modified whenever the end user so wants. 

30 Fig. 9 is a flow diagram illustrating the procedure for a user 
controlled, remote setting up of a personal filtering profile. 
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In the flow diagram of Fig. 9 it is first supposed that end 
user A wants to obtain control over the reception of data from 
external IP networks. The reason therefore may be that it is 
detected that packet are sent maliciously, that end user A 
5 simply receives too many packets which end user A is not 
interested in, that A simply wants to limit the reception of 
data or that A wants to receive data for example only from a 
particular source or for any other reason. End user A performs 
an attach procedure for attachment to the backbone network, 101, 
10 if this was not already done before. Subsequently end user A 
initiates a PDP Context Activation procedure, 102, as further 
discussed above with reference to for example Fig. 4 or Fig. 5. 

Then end user A sends an Activate Secondary PDP Context Request 

15 to SGSN with a new QoS value relating to "no service" and TFT 
specifying filter attributes such as for example source IP 
address or one or more of the other filter attributes referred 
earlier in the application or any other appropriate attribute or 
attributes, 103. This request is received in SGSN; SGSN sends a 

20 Create Secondary PDP Context Request with the above mentioned 
QoS and TFT to GGSN, 104, as also discussed earlier. 
Subsequently the filtering functionality according to the user 
defined requirements is setup in GGSN , with a context relating 
to disposal of packets with specified attributes, 105. A 

25 response message relating to the creation of a PDP Context is 
then provided from GGSN to SGSN, 10 6. From SGSN a confirmation 
message relating to acceptance of the activation of a Secondary 
PDP Context is sent to the user station of end user A, 107. Then 
the filter is applied on all data packets from the external 

30 network (s) containing the destination address of end user A, 
108. Unwanted packets are then discarded in GGSN, 109. 
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It should be clear that the invention is not limited to the 
particularly described embodiments but that it is applicable to 
all communication systems supporting communication of packet 
data from external networks to an end user, particularly 
5 relating to wireless user stations but also to fixed stations if 
similar problems are present, for example as far as charging is 
concerned but also more generally if an end user wants to obtain 
control over the reception of wanted and unwanted information. 
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CLAIMS 

5 1. An arrangement in a communication system supporting 
communication of packet data with a number of end user stations 
(1;11), a backbone network (3;31), a number of access means 
(4;41) for providing access between end user stations (1;11) and 
external packet data networks (6A, 6B/61), 

10 characterized in 

that information control means (7; 71) are provided, that said 
information control means (7; 71) are end user controlled and 
comprises an optional end user defined and end user activated 
filter, such that an end user (1;11) selectively can control the 

15 reception of data packets from the external packet data 
network(s) (6A,6B;61) . 

2. An arrangement according to claim 1, 
characterized in 

20 that the end user station (s) (1;11) is/are connected to the 
backbone network (3; 31) over a radio interface. 

3. An arrangement according to claim 1 or 2 r 
characterized in 

25 that the end user station (s) is/are mobile. 

4. An arrangement according to claim 1 or 2 r 
characterized in 

that the end user station (s) is/are fixed. 

30 

5. An arrangement according to any one of claims 1-4, 
characterized in 
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that the/an external packet data network is an IP-network 
(6A) e.g. the Internet. 

6. An arrangement according to any one of the preceding claims, 
5 characterized in 

that the external packet data network (s) comprises (a) corporate 
LAN ( s ) . 

7. An arrangement according to any one of the preceding claims, 
10 characterized in 

that the end user setup filter is provided in an access means 
(4;41), i.e. an access point, to an external packet data 
network, e.g. an IP-network. 

15 8. An arrangement according to claim 7, 
characterized in 

that for external packet data network access, the access means 
(4;41) is connected to a router (5A,5B;51), for Internet access, 
e.g. an ISP (Internet Service Provider) (5A) . 

20 

9. An arrangement at least according to claim 8, 
characterized in 

that the filtering functionality of the filter is provided in 
the access means (4;41). 

25 

10. An arrangement according to any one of the preceding claims, 
characterized in 

that the filter is defined by the end user (1;11) and In that a 
number of filtering function attributes are used to define the 
30 filter. 

11. An arrangement according to claim 10, 
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characterized in 

that for setting up a filter, a message signal is provided from 
the end user station (1;11) to the access means (4;41). 

5 12. An arrangement according to claim 11, 
characterized in 

that a specific message signal is created for end user 
controlled filter setup. 

10 13. An arrangement according to claim 11, 
characterized in 

that an existing message signal is used for end user controlled 
filter setup. 

15 14. An arrangement at least according to claim 10, 
characterized in 

that the filtering functionality is positive or negative, i.e. 
defining either wanted or unwanted information. 

20 15. An arrangement according to claim 10 or 14, 
characterized in 

that the filtering function attributes relate to one or more of 
source IP address, IP subnet, source port in IP header, source 
type of protocol in IP header, originating router, e.g. ISP, FTP 
25 files etc. 

16. An arrangement according to any one of the preceding claims, 
characterized in 

that the filter functionality setup presupposes successful 
30 connection/attachment of the end user station (1;11) to the 
backbone network (3;31). 
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17. An arrangement according to any one of the preceding 
claims, 

characterized in 

that the backbone network comprises a GPRS (UMTS/GPRS) system. 

5 

18. An arrangement according to claim 17, 
characterized in 

that the access means is a GGSN (Gateway GPRS Support Node) 
(41) . 

10 

19. An arrangement according to claim 18, 
characterized in 

that the existing messaging relating to activation and set up of 
a secondary PDP context request/response are used to set up a 
15 filter in GGSN (41) . 

20. An arrangement according to claim 19, 
characterized in 

that the message contains information relating to filter 
20 attributes, a service class with a context of discarding 
unwanted data packets (not) meeting requirements given by filter 
attributes . 

21. An arrangement according to any one of the preceding claims, 
25 characterized in 

that the filter is applied on all data packets received in the 
access means (4; 41) and with a destination address corresponding 
to the end user address. 

30 22. An arrangement according to claim 1, 
characterized in 
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that the access means (4; 41) comprises/are associated with a 
firewall, and in that the filter is set up in the firewall. 

23. A method of controlling the communication of data between a 
5 number of external packet data networks and an end user station 

in a communication system comprising a backbone network and 

supporting communication of packet data, 

characterized in 

that it comprises the steps of: 
10 - providing information from the end user station to an 
external packet data network access node containing 
requirements relating to wanted/unwanted data information; 

- defining and activating information control means comprising 
a filter in the access node such that only wanted data 

15 information is forwarded to the end user, such information 

control means being remotely controlled by the end user. 

24. A method according to claim 23, 
characterized in 

20 that it comprises the step of: 

- creating a new message for providing the information for 
defining/activating the information control means from the 
end user station to the access node. 

25 25. A method according to claim 23, 
characterized in 
that it comprises the step of: 

using already existing signalling/messages for providing the 
information for defining/activating the information control 
30 means, between the end user station and the access node. 

26. A method according to claim 25, 
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characterized in 

that the backbone network is (UMTS) GPRS and in that it 
comprises the step of: 

using the messaging relating to requesting and activating a 
5 Secondary PDP Context to setup information control means 

comprising a customized filter in an access node comprising 

an GGSN. 

27. A method at least according to claim 23, 
10 characterized in 
that it comprises the step of : 

applying the filter on all data packets received in the 
access node having the address of the end user having setup 
the filter as destination address; 
15 - discarding unwanted data packets in the access node. 
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